Commit | Line | Data |
---|---|---|
59d5af67 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
321d628a FG |
2 | From: Andy Lutomirski <luto@kernel.org> |
3 | Date: Thu, 29 Jun 2017 08:53:21 -0700 | |
59d5af67 | 4 | Subject: [PATCH] x86/mm: Enable CR4.PCIDE on supported systems |
321d628a FG |
5 | MIME-Version: 1.0 |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5754 | |
10 | ||
11 | We can use PCID if the CPU has PCID and PGE and we're not on Xen. | |
12 | ||
13 | By itself, this has no effect. A followup patch will start using PCID. | |
14 | ||
15 | Signed-off-by: Andy Lutomirski <luto@kernel.org> | |
16 | Reviewed-by: Nadav Amit <nadav.amit@gmail.com> | |
17 | Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> | |
18 | Reviewed-by: Thomas Gleixner <tglx@linutronix.de> | |
19 | Cc: Andrew Morton <akpm@linux-foundation.org> | |
20 | Cc: Arjan van de Ven <arjan@linux.intel.com> | |
21 | Cc: Borislav Petkov <bp@alien8.de> | |
22 | Cc: Dave Hansen <dave.hansen@intel.com> | |
23 | Cc: Juergen Gross <jgross@suse.com> | |
24 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
25 | Cc: Mel Gorman <mgorman@suse.de> | |
26 | Cc: Peter Zijlstra <peterz@infradead.org> | |
27 | Cc: Rik van Riel <riel@redhat.com> | |
28 | Cc: linux-mm@kvack.org | |
29 | Link: http://lkml.kernel.org/r/6327ecd907b32f79d5aa0d466f04503bbec5df88.1498751203.git.luto@kernel.org | |
30 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
31 | (cherry picked from commit 660da7c9228f685b2ebe664f9fd69aaddcc420b5) | |
32 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
33 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
34 | (cherry picked from commit 7d6bbe5528395f18de50bd2532843546c849883d) | |
35 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
36 | --- | |
37 | arch/x86/include/asm/tlbflush.h | 8 ++++++++ | |
38 | arch/x86/kernel/cpu/common.c | 22 ++++++++++++++++++++++ | |
39 | arch/x86/xen/enlighten_pv.c | 6 ++++++ | |
40 | 3 files changed, 36 insertions(+) | |
41 | ||
42 | diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h | |
43 | index 50ea3482e1d1..2b3d68093235 100644 | |
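--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -207,6 +207,14 @@ static inline void __flush_tlb_all(void)
 __flush_tlb_global();
 else
 __flush_tlb();
+
+ /*
+ * Note: if we somehow had PCID but not PGE, then this wouldn't work --
+ * we'd end up flushing kernel translations for the current ASID but
+ * we might fail to flush kernel translations for other cached ASIDs.
+ *
+ * To avoid this issue, we force PCID off if PGE is off.
+ */
 }
 
 static inline void __flush_tlb_one(unsigned long addr)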
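Review bot: The comment added at the end of __flush_tlb_all() states an invariant ("we force PCID off if PGE is off") without saying where it is enforced, and it sits after the branch it explains rather than before it. I would move it above the global/non-global flush choice and name the enforcing code, e.g. `* To avoid this issue, setup_pcid() clears X86_FEATURE_PCID if PGE is off.` Anyone auditing whether stale kernel translations can survive a flush then knows which function must stay in sync with this one. The start of __flush_tlb_all(), including the condition of the if, is outside the hunk.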
61 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c | |
62 | index 904485e7b230..b95cd94ca97b 100644 | |
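--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -329,6 +329,25 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
 }
 }
 
+static void setup_pcid(struct cpuinfo_x86 *c)
+{
+ if (cpu_has(c, X86_FEATURE_PCID)) {
+ if (cpu_has(c, X86_FEATURE_PGE)) {
+ cr4_set_bits(X86_CR4_PCIDE);
+ } else {
+ /*
+ * flush_tlb_all(), as currently implemented, won't
+ * work if PCID is on but PGE is not. Since that
+ * combination doesn't exist on real hardware, there's
+ * no reason to try to fully support it, but it's
+ * polite to avoid corrupting data if we're on
+ * an improperly configured VM.
+ */
+ clear_cpu_cap(c, X86_FEATURE_PCID);
+ }
+ }
+}
+
 /*
 * Protection Keys are not available in 32-bit mode.
 */
@@ -1143,6 +1162,9 @@ static void identify_cpu(struct cpuinfo_x86 *c)
 setup_smep(c);
 setup_smap(c);
 
+ /* Set up PCID */
+ setup_pcid(c);
+
 /*
 * The vendor-specific functions might have changed features.
 * Now we do "generic changes."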
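Review bot: setup_pcid() sets CR4.PCIDE with no visible check that the CPU is in long mode, yet the architecture only permits setting PCIDE in IA-32e mode with CR3[11:0] clear and raises #GP otherwise. Nothing in this hunk shows the PCID capability being cleared on 32-bit builds, so that presumably happens elsewhere and should be confirmed before `cr4_set_bits(X86_CR4_PCIDE)` can be reached there. I would record the precondition above the call, e.g. `/* CR4.PCIDE may only be set in long mode; PCID must already be cleared on 32-bit. */`. Separately, the else branch clears the bit only in `c` through clear_cpu_cap(); whether code that tests the boot CPU's feature set also sees PCID as off is not visible here.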
101 | diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c | |
102 | index 811e4ddb3f37..290bc5ac9852 100644 | |
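--- a/arch/x86/xen/enlighten_pv.c
+++ b/arch/x86/xen/enlighten_pv.c
@@ -264,6 +264,12 @@ static void __init xen_init_capabilities(void)
 setup_clear_cpu_cap(X86_FEATURE_ACC);
 setup_clear_cpu_cap(X86_FEATURE_X2APIC);
 
+ /*
+ * Xen PV would need some work to support PCID: CR3 handling as well
+ * as xen_flush_tlb_others() would need updating.
+ */
+ setup_clear_cpu_cap(X86_FEATURE_PCID);
+
 if (!xen_initial_domain())
 setup_clear_cpu_cap(X86_FEATURE_ACPI);
 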
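Review bot: Clearing X86_FEATURE_PCID in xen_init_capabilities() protects a Xen PV guest only if it takes effect before setup_pcid() tests the bit from identify_cpu(), and that ordering is not visible in this hunk. The new comment explains why PCID is unsupported but not this dependency; I would add a line such as `* Must take effect before identify_cpu() so setup_pcid() never sets CR4.PCIDE.` Only PV guests are covered here, while the commit message says "not on Xen", so HVM guests presumably keep PCID on purpose. xen_init_capabilities() starts and continues outside the hunk.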
118 | -- | |
119 | 2.14.2 | |
120 |